Can anyone help me with a HijackThis log report???


posted on Oct, 18 2008 @ 06:41 AM
I've posted on other computer forums, but it's taking ages to get a reply.

I'll post it here and I was hoping there would be someone with a little knowledge on this kind of thing.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:39:34 PM, on 10/17/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.co.uk...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.orange.co.uk...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
O2 - BHO: QFX Software KeyScrambler - [2B9F5787-88A5-4945-90E7-C4B18563BC5E] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - [3CA2F312-6F6E-4B53-A66E-4E65E497C8C0] - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)
O2 - BHO: Windows Live Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - [E7E6F031-17CE-4C07-BC86-EABFE594F69C] - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O9 - Extra button: (no name) - [5C106A59-CC3C-4caa-81A4-6D909B5ACE23] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra 'Tools' menuitem: &KeyScrambler... - [5C106A59-CC3C-4caa-81A4-6D909B5ACE23] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O9 - Extra button: (no name) - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk
O16 - DPF: [0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75] (CKAVWebScan Object) - www.kaspersky.com...
O16 - DPF: [4F1E5B1A-2A80-42CA-8532-2D05CB959537] (MSN Photo Upload Tool) - gfx2.hotmail.com...
O16 - DPF: [5D86DDB5-BDF9-441B-9E9E-D4730F4EE499] (BDSCANONLINE Control) - download.bitdefender.com...
O16 - DPF: [B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD] (TSEasyInstallX Control) - www.trendsecure.com...
O18 - Protocol: linkscanner - [F274614C-63F8-47D5-A4D1-FBDDE494F8D1] - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

--
End of file - 5556 bytes


Also, when I shut down, it takes a long time to either restart or shut down. I've heard this is evidence of a trojan problem of some kind and wondered if anyone had any ideas or help on that too.

I notice mentions of Kaspersky and other software that I don't use anymore in that log file; just recently I changed to ZoneAlarm firewall and AVG anti-virus, that's what I'm currently using.

Any help is greatly appreciated.



posted on Oct, 18 2008 @ 07:55 AM
I'm sorry, I can't help you with the log, but when I had this problem, I downloaded that windows professional cleaner v2 (free) and it all went away. It sorts out any spyware-adware, registry problems, start up problems. It's a kind of one fix all, and it's pretty good as it goes.

www.iobit.com...


If you don't want to download anything, then you can use the activex scan. You select run, or open, not save when the link opens, and it scans your system for any spyware-adware that slow up your system. www.spywareinfo.com...


Also, do you use AOL? Their software is horrible and not very pc friendly. And was one of the causes of my problems. (I dumped aol since)

Hope this can be of some use to you.


edit-you're just using zone alarm and avg? Dude, you need a little more protection than that these days. Whilst the 2 you have are great, and do the job nicely, you also need a decent spyware and adware blocker. May I suggest you download ad-aware and spybot search & destroy. Both free, and should help you keep your system clean and running smoothly. (combined with what you have, and (I also use) the first link I posted, and that's the shnizz)


[edit on 18/10/2008 by Acidtastic]



posted on Oct, 18 2008 @ 08:25 AM
reply to post by Denied
 


I do not see anything wrong in that log, but it does not mean that everything is fine.

Taking too much time to shutdown and to start is not a sure sign of anything, I had once that problem until I noticed that my profile was taking more than 5GB of disk space, and Windows had to manage it when I logged-in and shut down.

You can try Process Explorer to see what processes are running on the computer, and it has a handy feature that lets you make a Google search on any of the processes to see what they are.

You can also try AutoRuns and Rootkit Revealer. Trying TCPView to see what processes are using the network may also be a good idea.



posted on Oct, 18 2008 @ 08:37 AM
The only thing that really popped when I saw it was this

O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

I'm not sure what it is so it stood out to me. You may want to try and figure out more info on it.



posted on Oct, 18 2008 @ 02:39 PM
Thanks Acidtastic, I do actually have spy bot search and destroy, and do regular scans, I will check out those links too.

To add, that link www.iobit.com... is a brilliant tool, and recommend anyone who hasn't used it, to do so!

Also thanks ArMaP, and I will also check out those links.

Yes Barathrum, I did see that one too, looks a bit suspicious doesn't it.

Thanks for all your help people, have a beer on me


[edit on 18-10-2008 by Denied]



posted on Oct, 18 2008 @ 03:00 PM

Originally posted by Barathrum
The only thing that really popped when I saw it was this

O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

I'm not sure what it is so it stood out to me. You may want to try and figure out more info on it.


Yes, that is a BHO that should be removed. USE CAUTION. Sometimes (rarely) a BHO that is malicious will intertwine itself in your TCP/IP stack and will defeat your ability to log on and get online with your ISP (usually modem users).

============
This looks funny. Few apps will dump something in the "Windows" root directory:

Make sure you know what this is:
O9 - Extra button: (no name) - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe

============
What is this?
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG

Remember, once you remove them getting it back isn't easy.

Having said that when I get a BHO I don't recognize (I have NONE) I kill it immediately. (never had any on Windows Vista)

You didn't say what problem you are experiencing.

Lots of 'stuff' in there. I would NOT be surprised if some applications are CONFLICTING - i.e. they may be benign or apropos but if they conflict (call different routines that don't run well together) it could impede your browsing.

Can you get a clean copy of a different browser? Suggest a clean install of FF? Modem? DSL? Cable?

Give us a quick rundown of what application you KNOW you are running that corresponds to each line of that if you'd be so kind.

Good luck!



posted on Oct, 18 2008 @ 04:17 PM
Ok Badge01, I'll do my best here, and thanks for your wisdom!

Problem is, been a victim of hacking by a persistent idiot whom I know, but he always denies it, ex's brother with a chip on his shoulder lol.

So have always fought off various back doors, trojans etc, have only been accustomed to hijackthis recently, and thought it might show up any hidden stuff that I can't shift.

I have just upgraded/reinstalled ff to the latest version, don't use explorer much only for msn email, and am on adsl, I think, 8meg connection.

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG is, I believe, Agere systems PCI soft modem.

O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file) I have no idea what that is, how do I kill it?

O9 - Extra button: (no name) - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe Again I have no idea what that is, can I kill it?

Apparently it's related to BitDefender online scanner.


Description: bdoscandel.exe is the uninstaller for BitDefender Online Scanner. It is located at %WinDir% directory. This is a non-essential program. You can safely remove it.


Although it could be something else??

No problem with browsing.




Give us a quick rundown of what application you KNOW you are running that corresponds to each line of that if you'd be so kind.


Which part of the list do you want me to clarify?

All of these??

I'll do my best to add under each one what I think it is.


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.orange.co.uk...

Add on on explorer.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.orange.co.uk...

Add on on explorer.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

My homepage on Explorer, I think that relates to.

O2 - BHO: QFX Software KeyScrambler - [2B9F5787-88A5-4945-90E7-C4B18563BC5E] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

A handy tool to encrypt all my typing if a key logger is installed that I can't get rid of.

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - [3CA2F312-6F6E-4B53-A66E-4E65E497C8C0] - C:\Program Files\AVG\AVG8\avgssie.dll

Something to do with avg anti virus??

O2 - BHO: Java(tm) Plug-In SSV Helper - [761497BB-D6F0-462C-B6EB-D4DAF1D92D43] - C:\Program Files\Java\jre6\bin\ssv.dll

Java program??


O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

Have no idea, looks dodgy!

O2 - BHO: Windows Live Sign-in Helper - [9030D464-4C02-4ABF-8ECC-5164760863C6] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

Something to do with msn messenger that has to be installed to use msn messenger, I believe.

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - [DBC80044-A445-435b-BC74-9C25C1C588A9] - C:\Program Files\Java\jre6\bin\jp2ssv.dll

Again java.

O2 - BHO: JQSIEStartDetectorImpl - [E7E6F031-17CE-4C07-BC86-EABFE594F69C] - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

Again java.

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

That soft modem as described earlier.

O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

firewall.

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

Avg anti virus.

O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m

Windows care program.

O9 - Extra button: (no name) - [5C106A59-CC3C-4caa-81A4-6D909B5ACE23] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

Again that encryption program for when I type.

O9 - Extra 'Tools' menuitem: &KeyScrambler... - [5C106A59-CC3C-4caa-81A4-6D909B5ACE23] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll

Again that encryption program for when I type.

O9 - Extra button: (no name) - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe

Not a clue, looks and sounds dodgy!

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe

I have done online scanners in the past, funny how it relates to the above line.

O9 - Extra button: (no name) - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Have no clue.

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - [e2e2dd38-d088-4134-82b7-f2ba38496583] - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Have no clue.

O14 - IERESET.INF: START_PAGE_URL=http://www.orange.co.uk

I'm with Orange broadband, so must relate to that??

O16 - DPF: [0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75] (CKAVWebScan Object) - www.kaspersky.com...

Online scanner leftovers??

O16 - DPF: [4F1E5B1A-2A80-42CA-8532-2D05CB959537] (MSN Photo Upload Tool) - gfx2.hotmail.com...

Have no idea.

O16 - DPF: [5D86DDB5-BDF9-441B-9E9E-D4730F4EE499] (BDSCANONLINE Control) - download.bitdefender.com...

Online scanner leftovers??

O16 - DPF: [B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD] (TSEasyInstallX Control) - www.trendsecure.com...

?? Zone alarm??

O18 - Protocol: linkscanner - [F274614C-63F8-47D5-A4D1-FBDDE494F8D1] - C:\Program Files\AVG\AVG8\avgpp.dll

Avg anti virus??

O20 - AppInit_DLLs: avgrsstx.dll

Avg anti virus??

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

Ati is my video card.

O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

Avg anti virus??

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

Avg anti virus??

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

No idea.

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

More java???

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

I have nero installed.

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

Mobile phone software, I think, to connect my mobile.

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Zone labs.

O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)

Left over online scanner stuff??

I don't know if I've done the right thing there, as you probably could tell most of that yourself, without me telling you. Let me know what else you need to know, and many thanks.



[edit on 18-10-2008 by Denied]




posted on Oct, 18 2008 @ 04:52 PM
One of the advantages of AutoRuns is that it is easy to disable something that is run at start-up and see if everything works fine; if it doesn't, we just have to check the box next to its name to re-enable it.

After confirmation of what can be deleted we can delete the files from the list (and from the related registry or file).



posted on Oct, 18 2008 @ 06:27 PM
reply to post by ArMaP



Thanks ArMaP, I'm going through it now, quite complex, bit late now, but something I can look through when more time, it's late here now.


Thanks for your help.



posted on Oct, 18 2008 @ 06:44 PM
reply to post by Denied



OK, if you're being hacked by an ex's brother, and you have no browsing problems, what is the nature of the hack?

I BET he has gotten hold of one of your passwords, either to email or a forum.

He is probably NOT using a key logger or anything to do with your browser.

SO, I'd suggest changing your passwords ONE AT A TIME. If the hacking stops you've hit on it. Start with your email.

HTH.

(I'd get rid of that very first BHO but wait until later)

U2U me for more help.



posted on Oct, 18 2008 @ 06:52 PM
This one?

O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

How do I kill it?


I have u2u'd you with more info.




[edit on 18-10-2008 by Denied]




posted on Oct, 19 2008 @ 06:39 AM
Your computer may be chock full of rubbish...

Use CCleaner, it will help remove rubbish that is on your system.

It is Shareware.

Here's a link, via Cnet:

www.download.com...

As I usually ask, can you let me know how many MG or GIG it removes?

Cheers, Fox.


Also for best results run in safe-mode.



posted on Oct, 19 2008 @ 09:01 AM
reply to post by fox_3000au



Yes thanks, used that yesterday and will continue to do so, cleaned about 100mb if I remember correctly.

My system is a lot cleaner as of yesterday thanks to all your help people.



posted on Oct, 24 2008 @ 03:44 PM
Just format c: and reinstall

quicker than cleaning

can be finished and surfing in 2 hours



posted on Oct, 24 2008 @ 06:13 PM
reply to post by Fett Pinkus



Yes, but by doing that the knowledge gathered will be zero, and the same thing can happen again anytime, the origin of the problem was not identified.

That is why I still have a disk from my Windows 95 system that I never formatted since 1998.



posted on Oct, 27 2008 @ 09:13 AM
reply to post by ArMaP
 


I ran that rootkit revealer and found a LOT of stuff.
Huge.
Now, what?
AVG hasn't done anything, much about them.
I also used hijackthis. Thanks!



posted on Oct, 27 2008 @ 06:19 PM
reply to post by Clearskies
 


Care to post what your Rootkit thingie found? It might help people look up the bad guys and see what they did to you.

Thanks!

The following is my opinion as a member participating in this discussion.




posted on Oct, 27 2008 @ 06:45 PM
reply to post by Badge01
 

O.K., let me get it!
Thanks!



posted on Oct, 27 2008 @ 07:37 PM
The following line pointed out earlier:

O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)

Doesn't look that suspicious. It's just something that HJT tried to resolve and it came to a dead end. It's related to Windows Messenger Live. You can google up the class id (I believe, it's been a while) and verify it, which are the numbers inside the curly braces.

It's just a little orphan; you can put it out of its misery, most likely by just cleaning your registry. You can do it manually or just use CrapCleaner.

Cheers. And remember, sometimes it's handy to search for BHO information with the class ID.

Edit: You might also find this automatic analyzer helpful: www.hijackthis.de...

[edit on 27-10-2008 by Kluge]
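
Added example (not part of any poster's message and not HijackThis's own code): a small Python triage of the log format posted in this thread. It flags entries marked `(no file)` or `(file missing)`, entries without a name, and executables sitting directly in `C:\WINDOWS`, then collects the class IDs worth searching for; the flag names and the assumption that Windows is installed in `C:\WINDOWS` are choices of this example, and the sample lines are copied from the log in the first post.

```python
import ntpath
import re
from typing import NamedTuple, Optional

# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
O2 - BHO: QFX Software KeyScrambler - [2B9F5787-88A5-4945-90E7-C4B18563BC5E] - C:\Program Files\KeyScrambler\KeyScramblerIE.dll
O2 - BHO: (no name) - [7E853D72-626A-48EC-A868-BA8D5E23E045] - (no file)
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O9 - Extra button: (no name) - [85d1f590-48f4-11d9-9669-0800200c9a66] - C:\WINDOWS\bdoscandel.exe
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe (file missing)
"""

# Entry lines start with a section code (R, F, N or O plus a number) and " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Class IDs appear in curly braces in real logs; this forum shows square brackets.
CLSID_RE = re.compile(
    r"[\[{]([0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12})[\]}]")
# First absolute path to an .exe or .dll on the line (may contain spaces).
PATH_RE = re.compile(r'[A-Za-z]:\\[^"*?<>|:]+?\.(?:exe|dll)\b', re.I)
# Assumption of this example: Windows is installed in C:\WINDOWS.
WINDOWS_ROOT = r"c:\windows"


class Entry(NamedTuple):
    code: str             # HijackThis section, e.g. "O2"
    text: str             # rest of the line after the section code
    clsid: Optional[str]  # class ID, upper-cased, if the line has one
    path: Optional[str]   # absolute .exe/.dll path, if the line has one
    flags: tuple          # reasons the line deserves a manual look


def parse(log_text):
    """Return one Entry per R/F/N/O line; header and process list are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, text = m.groups()
        clsid = CLSID_RE.search(text)
        path = PATH_RE.search(text)
        flags = []
        if "(no name)" in text:
            flags.append("unnamed")
        # HijackThis marks registry entries whose target is gone this way.
        if text.endswith(("(no file)", "(file missing)")):
            flags.append("orphan")
        # Executable placed directly in the Windows directory, not a subfolder.
        if path and ntpath.dirname(path.group(0)).lower() == WINDOWS_ROOT:
            flags.append("windows_root")
        entries.append(Entry(code, text,
                             clsid.group(1).upper() if clsid else None,
                             path.group(0) if path else None,
                             tuple(flags)))
    return entries


def needs_review(entries):
    """Entries that carry at least one flag."""
    return [e for e in entries if e.flags]


def clsids_to_look_up(entries):
    """Unique class IDs of flagged entries, in log order, for a manual search."""
    seen = []
    for e in needs_review(entries):
        if e.clsid and e.clsid not in seen:
            seen.append(e.clsid)
    return seen


if __name__ == "__main__":
    for e in needs_review(parse(SAMPLE_LOG)):
        print(e.code, ",".join(e.flags), e.clsid or "-", e.path or e.text)
```

A flag here only means "identify this before deciding"; an `orphan` entry points at a file that no longer exists, and a `windows_root` hit still has to be matched to the program that installed it.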



posted on Oct, 27 2008 @ 07:54 PM
O.K., this is weird.
I went to do another scan and AVG kept overriding all my CPUs or whatever. Then when I closed all of avg, idle process took all the juice and I couldn't stop that.
I FINALLY got a scan finished with over 8,000 discrepancies, I tried to save it, and it wouldn't, then it shut down.
This is one I did earlier, but, now, I can barely get a scan and CAN'T save it for you to see;

HKLM\SECURITY\Policy\Secrets\SAC* 1/25/2004 10:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SECURITY\Policy\Secrets\SAI* 1/25/2004 10:42 PM 0 bytes Key name contains embedded nulls (*)
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed 10/27/2008 8:25 AM 80 bytes Data mismatch between Windows API and raw hive data.
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\Safari\History\_8va.cfs 10/27/2008 8:26 AM 146.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\Safari\History\_8vc.cfs 10/27/2008 8:37 AM 146.47 KB Visible in Windows API, but not in MFT or directory index.
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\Safari\History\_8vg.cfs 10/27/2008 8:37 AM 174.86 KB Hidden from Windows API.
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\Safari\History\_8vg.del 10/27/2008 8:40 AM 10 bytes Hidden from Windows API.
C:\Documents and Settings\Owner\Local Settings\Application Data\Apple Computer\Safari\History\_8vm.cfs 10/27/2008 8:40 AM 39.73 KB Hidden from Windows API.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OOKWURST\rss[1].xml 10/27/2008 9:03 AM 162 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010002.ci 10/27/2008 8:30 AM 168.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010002.dir 10/27/2008 8:30 AM 1.42 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010005.ci 10/27/2008 8:30 AM 164.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010005.dir 10/27/2008 8:30 AM 1.24 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010006.ci 10/27/2008 8:31 AM 644.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010006.dir 10/27/2008 8:31 AM 3.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010007.ci 10/27/2008 8:31 AM 304.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010007.dir 10/27/2008 8:31 AM 2.21 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010008.ci 10/27/2008 8:31 AM 48.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010008.dir 10/27/2008 8:31 AM 625 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010009.ci 10/27/2008 8:32 AM 60.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010009.dir 10/27/2008 8:32 AM 658 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000A.ci 10/27/2008 8:32 AM 88.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000A.dir 10/27/2008 8:32 AM 739 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000B.ci 10/27/2008 8:33 AM 20.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000B.dir 10/27/2008 8:33 AM 414 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000D.ci 10/27/2008 8:34 AM 488.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000D.dir 10/27/2008 8:34 AM 5.24 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000E.ci 10/27/2008 8:41 AM 36.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000E.dir 10/27/2008 8:41 AM 504 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000F.ci 10/27/2008 8:49 AM 24.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\0001000F.dir 10/27/2008 8:49 AM 457 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010010.ci 10/27/2008 8:50 AM 104.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010010.dir 10/27/2008 8:50 AM 921 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010011.ci 10/27/2008 8:51 AM 80.00 KB Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010011.dir 10/27/2008 8:51 AM 779 bytes Visible in Windows API, MFT, but not in directory index.
C:\System Volume Information\catalog.wci\00010012.ci 10/27/2008 9:12 AM 116.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010012.dir 10/27/2008 9:12 AM 1.06 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010013.ci 10/27/2008 8:52 AM 924.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010013.dir 10/27/2008 8:52 AM 5.45 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010014.ci 10/27/2008 9:12 AM 832.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010014.dir 10/27/2008 9:12 AM 4.99 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010015.ci 10/27/2008 8:52 AM 516.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010015.dir 10/27/2008 8:52 AM 3.72 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010016.ci 10/27/2008 9:13 AM 196.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010016.dir 10/27/2008 9:13 AM 1.53 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\00010019.ci 10/27/2008 9:14 AM 6.25 MB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci\00010019.dir 10/27/2008 9:14 AM 38.45 KB Visible in directory index, but not Windows API or MFT.
C:\System Volume Information\catalog.wci\0001001B.ci 10/27/2008 8:56 AM 1.14 MB Hidden from Windows API.
C:\System Volume Information\catalog.wci\0001001B.dir 10/27/2008 8:56 AM 7.03 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffc.000 10/27/2008 8:25 AM 240 bytes Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.001 10/27/2008 8:25 AM 448.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffc.002 10/27/2008 8:25 AM 448.00 KB Visible in Windows API, but not in MFT or directory index.
C:\System Volume Information\catalog.wci\CiFLfffd.000 10/27/2008 8:51 AM 240 bytes Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffd.001 10/27/2008 8:51 AM 448.00 KB Hidden from Windows API.
C:\System Volume Information\catalog.wci\CiFLfffd.002 10/27/2008 8:51 AM 448.00 KB Hidden from Windows API.
C:\WINDOWS\Prefetch\AVGRSX.EXE-0CBF9C06.pf 10/27/2008 9:03 AM 52.70 KB Hidden from Windows API.
C:\WINDOWS\Temp\65920082710091140 10/27/2008 9:11 AM 0 bytes Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\Temp\65920082710091140\config.dat 11/29/2006 8:44 AM 40.17 KB Visible in Windows API, MFT, but not in directory index.
C:\WINDOWS\Temp\65920082710091140\config.ini 1/31/2008 8:51 AM 1.78 KB Visible in Windows API, MFT, but not in directory index.
D: 0 bytes Error mounting volume



Any suggestions????


